Описание
Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:doist:todoist:8484:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00068
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
4 месяца назад
Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata.
EPSS
Процентиль: 21%
0.00068
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79